Configuring VMWare Workstation 8 for PFSense Installation

CDeLorme

I am a self-proclaimed connoisseur of estranged configurations; I find myself drawn to setting up very unusual networks and making what some consider "odd requests" of software on my machines. This guide was written for like-minded individuals, and covers how to configure VMWare Workstation 8 to allow for a functional PFSense installation. Installing PFSense should be the same as always, and will not be covered by this guide.

Table of Contents:

The Setup!
Why a VM?
Why Workstation 8?
How does it Perform?
My Hardware
Some thoughts on the future

The Setup!

If you are planning to share your network to a switch, your system will need at least two ethernet ports, probably an onboard & an expansion NIC. If you just one it for the host, you can configure it to use the virtual loopback device, I won't be covering that though.

Download & Install Workstation 8, the launch it! Managing a virtual machine is done through the Home tab, you'll want to start by selecting Virtual Network Editor.

By default, the VMWare bridged protocal will say automatic, but we need to change that if we plan to use each NIC separately (We need a WAN and a LAN). Select one of the Ethernet connections as your WAN, and then click "Add Network". Setup this new one to bridge to the other NIC.

Next we want to adjust your network adapter settings. Since we are taking the assigned WAN adapter and giving VMWare full control over it, if you skip this step it will not work right because Windows will attempt to use this connection, and if you have only one IP it will fail (It may function, although queerly, if you are connected from a DHCP Router and not directly to a Modem).

So go to Control Panel > Network & Sharing Center > Change Adapter Settings, and change the properties of the port you are using as your WAN:

Next, go and download the PFSense iso from the available mirrors, I grabbed the amd64 iso.gz, you are welcome to get the i386 if you prefer. Be sure to unzip it. Next, from the VMWare Workstation 8 Home tab, select Create a new virtual machine. The steps from here should be fairly strait forward, I selected Custom, pointed it to the iso (which you have to unzip), then for the OS select "other" then FreeBSD (64bit for amd64).

I went with the defaults for the rest mostly, except for RAM and Harddrive, mine uses 512 Megs of RAM and takes up barely 25% of a 2GB Hard Drive. Be sure to uncheck the "Power on this virtual machine" because you will want to make some additional configuration changes before launching. Click customize hardware and add another network adapter. Assign one to bridged, and the other to whatever VMNet you gave to your second port.

After this you can power it on and run the installer. It might be a good idea to grab the last few digits of the MAC addresses it gives to the NICs if you need to manually assign them in the installation. The rest is standard PFSense installation & configuration. Configure PFSense to your liking, once it is done I highly recommend making a snapshot. If you ever make a change in the future that botches the setup, you can revert it with a mouseclick:

Your next step is getting it to start at boot, to do so you will need to share the virtual machine. It must be stopped first, right click > Manage > Share, it'll ask if you want to move or clone it (up to you):

After that, right click shared VMs on the sidebar and select "Manage Autostart VMs", where all you have to do is click a checkbox.

After that reboot the computer, and you are set to go! The VM will start with the system, before you login.

Why a VM:

I use PFSense for a home network, and to experiment for fun. As a home user I am less concerned about the network demands as I am about ease of access and maintenance. If a headless tower goes down and I can't remote in to fix it, I'd have to connect a keyboard, mouse & monitor. Well with a VM you get snapshots for a quick-fix, and also direct access through whichever machine you have it running on. Another less crucial benefit is a lower electric bill, as a home user I'd have my host machine running all the time anyways, so now it's one computer instead of two.

Why Workstation 8:

There are many reasons to go with Workstation 8. VMWare Server 2 hasn't been updated in years, and isn't receiving any support in the future. VMWare has discontinued that product line in favor of ESX/i, and there are no other alternatives that had auto-start at boot… until Workstation 8.

For those coming from VMWare Server, I can tell you the cost of VMWare Workstation is probably worth it, I'll go into details in the next section. If you have a powerful multi-core system and haven't tried virtual machines before, you won't be disappointed (you don't need powerful graphics support for Unix/Linux terminals).

For those wondering why I didn't try ESX/i, checking the HCL for compatible consumer hardware is a nightmare, and I was less interesting in trying to get that functional than just running Workstation on my current host. My host computer runs Windows Server 2008 R2, which may be laughable to some but since I use this machine for multimedia and gaming there are no other feasible alternatives.

So, Workstation 8 is the first in the workstation lineup to offer autostart VMs at boot, and while Workstation 7 could launch headless VMs, to do so automatically at boot required you to set your system to auto-login without a password to run batch scripts. Unlike VMware Server, Workstation has a full console so no more IE Plugins or decrepit Firefox 3.5 plugins.

How does it perform:

I run a PS3 on my network, and it used to show NAT Type 2 with ~900kbps for download speeds, as soon as I got Workstation up it now shows anywhere from ~9-15mbps, that's a significant jump.

I couldn't get VMWare Tools to install when I used to use VMWare Server which might have been relative, but another problem is likely the outdated drivers.

Additionally my configuration ran with less assigned RAM to the virtual machine(s).

My Hardware & Software:

My host machine contains a Sandybridge Core i7 2600, 8GB of Corsair XMS 1333 DDR3, an nVidia GTX460 GPU, 650W Corsair PSU, Asus P8H67-M LX (The firmware on these new mobos is epic), and sits in a mid-tower case.

My network consists of mostly CAT6 and some CAT5e cables, an ASUS 8-port gigabit switch, and an Airport Extreme for wireless N.

The network normally provides service to PS3 & Wii consoles, two laptops, a wireless printer, and the host machine. The host machine has two virtual machines that start on boot, PFSense and Debian Squeeze for web hosting & test development. This makes for a total of 8 machines, 2 of which are virtual.

If you have a Core i7 you should have no problem achieving outstanding performance, I can play games and videos in HD without any slowdowns in performance. The new sandybridge systems are rock solid. I would imagine any quad core system could easily run PFSense in a VM and still provide decent host performance.

Other Thoughts:

I would love it if Wireless NICs could be shared to guest machines, then I could ditch my airport. Not sure if this will ever happen.

I think modern hardware and virtual machines make it possible to put more tasks back onto one system, and believe that there will be growth in the demand for people who understand and can design virtual topologies.

dmwizzard

Nice guide, thnx for posting… it's just want i needed for my set-up (After two days of pulling my hair out wondering how to stop windows using the NICs :) )
My setup is almost the same except my VMWare is on a remote machine running XP.

I've got my NICs running and connect to their ISPs... But, how do i direct traffic through the VM>PFS> then out on the WANs?

I want to run Bittorrent through load balancing on this XP box.

Cheers.

_Adrian_

Was going to install ESX into the DL360 but this changed my mind.
Im going to be doing a similar setup but mine will simply be running pfSense and FOG.
Will be adding in a SCSI Card so i can attach my MSA2o in there which is partially populated with 4 x 1TB drives leaving me with 8 Empty bays

dmwizzard

@dmwizzard:

Nice guide, thnx for posting… it's just want i needed for my set-up (After two days of pulling my hair out wondering how to stop windows using the NICs :) )
My setup is almost the same except my VMWare is on a remote machine running XP.

I've got my NICs running and connect to their ISPs... But, how do i direct traffic through the VM>PFS> then out on the WANs?

I want to run Bittorrent through load balancing on this XP box.

Cheers.

I think I found a quick-n-dirty solution… not sure if it's the right way to do it but, It's working. ;D

On my LAN NIC (Of the host via Windows) I've changed the default gateway to the same address as the Webconfigurator. :o
I've also noticed that if I do the same on any machine on my network I can re-direct traffic through the VW too!

Of course, If there is a better way of doing this I be greatful if someone could share. :-*

pf123user

Is there vmware tools for BSD?

EDIT: I meant for pfSense and 2.0 RELEASE. At this point I can only see something for 1.2 but can't even find 123 and don't see any mention of 2.0.

What did you do OP?

CDeLorme

Wow, sorry for not replying sooner everyone, glad my guide was helpful.

dmwizzard, in my setup the ISP Modem Ethernet runs strait to my Host Machine & VM, from the sounds of things your setup has a router/switch already connected, and your workstation and "remote" XP system are both already on an intranet.

This means your network connections look like this:
ISP Modem >> Router or Switch >> The Computer You Are Using
ISP Modem >> Router or Switch >> XP Machine
ISP Modem >> Router or Switch >> New Line for Every Other Device

Because every device is at the same "level" XP Machine has no say or control of anything.

To fix this, you would need to connect the ISP Modem's Ethernet cable directly to the XP Machine, then run a cable from LAN NIC to the switch/router.

If you are using a router, I would suggest setting it to "bridged" mode, and letting PFSense handle the DHCP and other aspects, otherwise you'll end up with a separated subnet and won't be able to access your host machine remotely from the wireless connection.

If your remote machine is out of reach from the ISP Modem, the alternative is to get a second router, and set it up such that one connects to the XP Machine only, and everything else runs through the other one, which would be connected to the LAN NIC. If intranet security is a concern you'll obviously want to use different broadcast names (SSID's) and passwords.

I hope that helps, but let me know if I got it wrong or if you need more info.

Adrian, I had also considered ESX for full hardware control, because if I could get it working I could distribute and control the wireless from PFSense as a VM. However, that hinges on "if I could get it working", and all I have heard are horror stories due to the HLC really being for businesses and not consumers. I am a consumer, I don't own "server" products, so for me it was just an easier choice to go with VMware Workstation.

I can say that the Internet speeds are great, but I haven't tested for intranet speed bottlenecks as I don't know exactly how to go about doing that. I do have CAT6 cabling so if you have any good suggestions I would love to test them, same goes for any knowledge of ESX support for consumer model products.

pf2.0nyc, I did install VMware Tools, it comes with VMWare, but I vaguely remember having to do a little dance to get it working.

VMWare Tools requires Perl, as most of its install scripts are written in it, and I want to say I installed some else alongside it, unfortunately my "history" is empty because I recently restored.

In any case, Perl is an easy install:
pkg_add -v -r perl
Or use ports if you feel more comfortable with that:
http://www.cyberciti.biz/faq/howto-installing-perl-on-freebsd/

After that I think I just clicked the menu VM > Install VMWare Tools…

There is a guide, and I think the first time I did it I was able to access it via help, and I thought a tooltip even suggested it.
The closest I could find currently was for VMWare Workstation 5.5, but my guess is it must be very similar:
http://www.vmware.com/support/ws55/doc/ws_newguest_tools_freebsd.html

Let me know if you get it working!

_Adrian_

@CDeLorme:

Adrian, I had also considered ESX for full hardware control, because if I could get it working I could distribute and control the wireless from PFSense as a VM. However, that hinges on "if I could get it working", and all I have heard are horror stories due to the HLC really being for businesses and not consumers. I am a consumer, I don't own "server" products, so for me it was just an easier choice to go with VMware Workstation.

I can say that the Internet speeds are great, but I haven't tested for intranet speed bottlenecks as I don't know exactly how to go about doing that. I do have CAT6 cabling so if you have any good suggestions I would love to test them, same goes for any knowledge of ESX support for consumer model products.

Well…
The way i look at it some retired server hardware still has enough muscle for the home user if "ported" properly!

Downfall is that most people are green eared hippies and they want performance out of tiny plastic boxes which isn't gonna happen easily.
My DL360 is a G4 and has 2x 3.8Ghz Xeon's and 8Gb of RAM.
I'm going to use the embedded NICs for uplink to the modem and the other port for management.
Also i tossed in a Melanox 10G card that gives me 2x 10GBe CX4 ports and I might add another for redundancy
So far, all my backbone devices have 4x 10GBe Ports, and the backbone will be a mix of LACP and SPT protocols.

BenKenobe

I am a self confessed green eared hippie - yes I was around in the sixties …

I have several Dell server boxes I could use but I don't for three reasons - they are large, they are NOISY!! and they use way too much juice, efficient they aint, the PSU's burn 200 Watts even when the server is shut down if you leave power on them.

So like the OP I run my pFSense in a VM (workstation not ESX) on a watercooled e6600 CPU based box alongside the website VM and mailserver VM all sitting under windows 7 enterprise. A major league advantage of this is that I keep copies of all the VM's, anything gets messed up I simply copy the image back and I'm good to go (a lesson I took from Acronis True Image).

I also didn't use ESX because frankly it is even fussier than Windows servers used to be - don't have time for that crap either so I'm with the OP here.

For what it is worth I run three NIC's in the box that I run VMWare on, two have everything unticked except the VMWare bridge protocol - and I do mean everything unticked IPV4, IPV6 etc etc.

These I use and set VMWare networking to bridge them on VMNet0, VMNet1 respectively, one is for the PPPoE, one is the host/gateway connection and are alocated specifically to the pFSense VM and nothing else. The third NIC I set to VMNet2, also bridged but in windows NIC settings everything is ticked, this third NIC means that the server looks like another box on the network (Windows can't use or allocate IP's etc to NIC's 1 & 2). I will be putting in a 4th NIC to serve the Web and EMail servers.

If you are going to use pFSense in a VM then the host machine needs at least 3 NIC's (in my opinion anyhow).

Performance is every it as good as it was on dedicated hardware, if anything I'd say it was slightly better (was on a miniATX motherboard with an e5700 cpu and 2Gb ram). I retired the PC hardware and went VM because I am a self confessed green eared hippie, whilst I don't care about the size of the hardware I do care about the size of my energy spend.

zlyzwy

Hi,

Great guide~

This is really similar what I did at home. I am running an ITX D525 with 4GB memory and it works great.

I have just one question, your host PC has two interfaces and you assigned to PF as WAN and LAN. So you can’t access the host in remote, am I right? Like this:
Interface 1 –> WAN
Interface 2 --> LAN --> Switch

Actually I have the third interface card, I was trying to use it to access the host with Windows Remote Desktop. Like this:
Interfaces 2 --> Switch --> Interface 3

There problem here is when I used RDP in LAN, it will be fine.
When I access the host PC from WAN, the network will be down. Then I disconnected the RDP, everything will just be fine.

I tried a lot but there is no information about this issue.

Now I am using VNC, it seems to be OK, but it seems to be slowly…

I will be appreciated if you have any experience on similar issue?

Thanks.

BenKenobe

You will need to use the third NIC and use NAT / Port forwarding into the host IP, I do this regularly and use WinVNC to do so. If you allow Windows to do anything to the first two NIC's things get really messed up based on my experience. No windows client, file sharing, IPV4, IPV6, QOS - nothing only the VMWare bridge on the first two NICS, everything on the third - this will be used to access your host (at least it is in my config).

You need to edit the VMWare network too and set bridging to each available NIC, you must then set the appropriate VMNet to use manually in ALL virtual machines or VMWare will select the first in the list.

Part of your network loss though could be caused by how RDP works. RDP never provides access to console session 0 regardless of what anyone tells you it simply doesn't and no /admin or any other switch will bypass this. This means that any autostart apps you have will start up for each and every terminal services session you open - damned ugly and causes mayhem (plus I have some applications whose notices cannot be viewed in terminal services session they always display on console 0). Your alternative of course is to have a different username for 'external' access.

If you must use RDP from outside use a non standard port, I regularly see external sources trying to RDP onto my boxes. Personally I'd stick to VNC but again don't use the default ports.

Thinking about it without port forwarding you shouldn't be able to RDP from the WAN pFSense should block you.

zlyzwy

You will need to use the third NIC and use NAT / Port forwarding into the host IP, I do this regularly and use WinVNC to do so. If you allow Windows to do anything to the first two NIC's things get really messed up based on my experience. No windows client, file sharing, IPV4, IPV6, QOS - nothing only the VMWare bridge on the first two NICS, everything on the third - this will be used to access your host (at least it is in my config).

You need to edit the VMWare network too and set bridging to each available NIC, you must then set the appropriate VMNet to use manually in ALL virtual machines or VMWare will select the first in the list.

Thanks for your explanation, I can totally understand your configuration because I did the almost same.

Part of your network loss though could be caused by how RDP works. RDP never provides access to console session 0 regardless of what anyone tells you it simply doesn't and no /admin or any other switch will bypass this. This means that any autostart apps you have will start up for each and every terminal services session you open - damned ugly and causes mayhem (plus I have some applications whose notices cannot be viewed in terminal services session they always display on console 0). Your alternative of course is to have a different username for 'external' access.

I was always suspecting it's the problem of RDP but I can't find any reference. it does make sense with your explanation. I will continue to use the VNC instead of RDP.

If you must use RDP from outside use a non standard port, I regularly see external sources trying to RDP onto my boxes. Personally I'd stick to VNC but again don't use the default ports.

Thinking about it without port forwarding you shouldn't be able to RDP from the WAN pFSense should block you.

Thanks again for your hints. :)

zlyzwy

Once again I am confused about my network especially when PF running under VM Workstation, the host PC will have a very poor performance if I connect from WAN.

I am trying to setup a FTP server on the host PC (windows2003).

When I connect to the FTP server within LAN, it will be totally no problem.
The speed is extremely fast (around 1000M/s).

When I connect to the FTP server from WAN, it will be very slowly (3xxbit/s).

I have a fast Internet connection from my host to Internet (up to 20M/s), there should not have this performance.

CDeLorme

Sorry, I haven't been to the forums in a bit so this reply may be a bit late.

Local access will always be substantially faster. Most ISP's provide two speed ratings, one for download and one for upload. Consumer speed ratings tend to be purely focused on download speeds. For example, at $80 a month I can get a consumer plan with 30Mbps download speed, but only 5Mbps upload speed. Also, notice the lowercase b, which means Megabits not Megabytes. 8 bits to a byte, which means 5Mbps is 0.625MBps.

Without even taking performance into consideration, I have yet to find a simple, secure, multi-platform file sharing service that works natively on common platforms over WAN.

Ben is correct about the NAT port forward needed for WAN access via RDP. However, with Windows 7 you do not need a 3rd NIC.

On the first NIC you disable all the services, this is your WAN NIC. This is primarily so that Windows does not steal the single gateway IP.

The second interface you leave alone. Provided it has a cable plugged into it, the port will be active, and will be treated as a virtual bridge before heading to your switch. Windows will receive its LAN IP from there, and in my case I have a second Linux Web Server VM that also receives a LAN IP via my 2nd NIC.

Problems only occur if you unplug the NIC, because windows turns the device off, which kills the connection.

If you are worried about security, you can create a separate LAN in PFSense, but in my case I use it for file sharing so I wanted my Intranet to be able to access my host.

What you are doing with the 3rd adapter currently is a manual loop back. However, Windows lets you add a virtual loop back adapter, which solves the security concerns and unplugged port problem. For security, you can bridge a new PFSense LAN to the new virtual device. For potential cable problems, you can bridge it to your 2nd NIC instead.

This configuration worked for me for over 6 months without a single problem. However, I decided to try looking at more advanced virtualization solutions this week, including ESXi and Xen, so I just recently unplugged my Windows server.

zlyzwy

Once again I am confused about my network especially when PF running under VM Workstation, the host PC will have a very poor performance if I connect from WAN.

I am trying to setup a FTP server on the host PC (windows2003).

When I connect to the FTP server within LAN, it will be totally no problem.
The speed is extremely fast (around 1000M/s).

When I connect to the FTP server from WAN, it will be very slowly (3xxbit/s).

I have a fast Internet connection from my host to Internet (up to 20M/s), there should not have this performance.

I have solved this problem by coincidence. I recently switch the NIC's ports, I mean I delete all the bridge settings in VM Network Editor, and then add them again. then I found the problem gone.

Anyway, for me it's now totally no problem.. Thanks for your hints.

gazzy84

Good Morning (I'm in Italy) :) to all….
I've done an entire virtual infrastructure, for testing VMware View service over a satellite internet connection.
I have a phisical machine wich runs CentOS 6.2 which has two network adapters (eth0 is on the hom LAN, and eth1 has a pubblic IP addres), on wich I have installed Vmware Workstation 8, on the workstation there is an host ESXI.
Over the host ESXi there are a lot of VM that I needed for the infrastructure of Vmware View.
Everyone of this VM has an IP like 192.168.x.x, and for completing this Home LAN infrastructure, I would like to create a firewall and a router (pfsense) so I can access this infrastructure from the Web, using lastone pubblic IP address i have.
I hope i've explained well the infrastructure, but i come to the question...
How to set uo the Nic for the Pfsense? How many virtual Nic i have to give to it's VM? Which one I've to NAT and which one i have to bridge, and on which connection or network?
I was forgetting....the networking of the WOrkstation is obviusly bridged over the eth0 (over the home LAN)....
Thanks to every one who will answer me...

bartgrefte

@CDeLorme:

Next we want to adjust your network adapter settings. Since we are taking the assigned WAN adapter and giving VMWare full control over it, if you skip this step it will not work right because Windows will attempt to use this connection, and if you have only one IP it will fail (It may function, although queerly, if you are connected from a DHCP Router and not directly to a Modem).

So go to Control Panel > Network & Sharing Center > Change Adapter Settings, and change the properties of the port you are using as your WAN:

Does that make all traffic from/to the WAN-interface go straight to the virtual machine and it will not leave the host directly exposed to the world wide web?

@CDeLorme:

Other Thoughts:

I would love it if Wireless NICs could be shared to guest machines, then I could ditch my airport. Not sure if this will ever happen.

That would be great if that would ever be possible. I'm curious what would be the best way now to set up a WAP with a mPCIe card in combination with pfSense in VMWare on a XP host. My guess is, let pfSense handle DHCP and the traffic, but use http://www.virtual-ap.com/ to set up the actual access point. Not sure if it will work this way though.

Ps. All the pictures in you're howto seem to be down ???

edit: Would it be a problem if the CPU of the system in question does not support any hardware visualization? From what I managed to find, that shouldn't be a problem with 32bit guest OS'ses….

CDeLorme

Hey, thanks for the message.

You are correct, by turning off all Windows controls you are telling Windows to ignore the device and all traffic on it. I'm sure there are steps you could take to secure it further, but I had no trouble using it like that for about a year.

I was able to create a third bridge to a wireless card, but I had to use a third party tool to act as a second DHCP server, in the end I chose not to as it separated components on my network (not to mention Double NAT).

Even now (6~ months past my original post) there are no Wireless N drivers so even if you could give it direct access you would run Wireless G speeds at best.

For now if you are setting up a WAP you would want to use a router in bridged mode. Virtual-ap would work but then PFSense isn't acting as the DHCP server, and you have little control over traffic on the Wireless NIC before it gets to PFSense.

I apologize for the loss of photos, I made the mistake of not setting up an account with IMGUR and took my server down for retinkering about a month and a half ago.

You can run virtual machines without VT-x but performance may be sluggish since you are emulating hardware commands.

I only expected my server to be down for a week, and was going to setup Xen. What a mistake that was, took me from early March until just now and I finally have a Xen version of the same configuration. Just finished all the tweaks an hour ago.

With Xen, a hypervisor, I can pass hardware to a virtual machine, which would allow me to provide Wireless G from the machine directly. It was NOT easy to setup and I don't recommend it if you value your sanity, but I will be posting a short tutorial on PFSense with Xen in the future, as well as some benchmarks.

I can't seem to modify the original post, so I will place the imgur album here in case I have to take my server down again:
http://imgur.com/a/zxJBZ

bartgrefte

While I was waiting for a response I've been doing some more research and emailing with the manufacturer of the wifi-card I got. I can forget setting up a WAP with Windows as OS with that card, there's no support what so ever for that in the Windows drivers, Virtual AP wouldn't work because of that (so I've been told) plus there's a serious lack of settings in that program. Installed it on my laptop, you can barely change/set anything and there's no support for multiple wifi-cards as far as I can see. That's a problem since I want one setup as a 2.4GHz WAP and a 2nd one as a 5GHz WAP (can't do both with one card unfortunately). The 5GHz is a bit difficult though, regulatory domain issue, the whole 5GHz band is being blocked by some region/country code programmed into the wifi-card eventhough some 5GHz channels are free and legal to use here. Still looking into that.

Anyway, right now I'm considering Linux Mint LXDE as router OS, using Firestarter to get the right settings for the firewall. With hostapd there shouldn't be any problems setting up a WAP, got hostapd working without problems with IPFire (not counting the regulatory domain issue I mentioned). Only thing still on my mind is that I use 2 programs that are made for Windows, not Linux. Hope Wine would work for those, Davis Weatherlink and an eMule mod if you're curious. If everything works out, I won't be needing a virtual machine after all.

ps. The pics are working now :) , but http://cdelorme.com/images/journal/WorkstationHomeTab.png and http://cdelorme.com/images/journal/WANConfig.png are way to wide for the forum, those two are being cut off on the edge of the forum…

CDeLorme

I expected the forum to automatically limit image sizes to the width of the post columns, but I guess my faith in software was misplaced.

I wanted them large so they would remain readable, but the post is too old so I can't edit it now even if I wanted to shrink them.

Did you find a package that can create Wireless N WAP's? If so please do share, everything I have read for most router packages says they only have Wireless G WAP support still.

bartgrefte

Ah okay.

Well, if you want to set up a N WAP, then you need a Linux based OS (IPFire for example, running that right now) and hostapd (there's a hostapd addon for IPFire), that's it. And of course drivers that support it, but that would be stating the obvious I guess, the ath9k driver has support for that, don't know about others.

Ohw, if you are gonna use IPFire, please don't be surprised if you don't get the WAP working after reading/following the hostapd-addon/wifi wiki page, there's a lack of certain essential info there to get things going… Already mentioned that on the IPFire forum in a topic I created.